[Bug 207553] A New variable of `firewall_nat_rules' in /etc/rc.conf
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Sun Feb 28 08:04:48 UTC 2016
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=207553
Bug ID: 207553
Summary: A New variable of `firewall_nat_rules' in /etc/rc.conf
Product: Base System
Version: 11.0-CURRENT
Hardware: Any
OS: Any
Status: New
Severity: Affects Many People
Priority: ---
Component: standards
Assignee: freebsd-standards at FreeBSD.org
Reporter: kiri at kx.openedu.org
Created attachment 167503
--> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=167503&action=edit
Patchs for `firewall_nat_rules' of /etc/rc.firewall and /etc/defaults/rc.conf
Now ipfw(8) firewall nat is represented by firewall_nat_* variables in
/etc/rc.conf. All flags of nat rules were described by firewall_nat_flags
like:
firewall_nat_flags="deny_in reset same_ports unreg_only redirect_port tcp
192.168.2.253:22 22253 redirect_port tcp 192.168.2.252:22 22252 "
But more redirections add, longer firewall_nat_flags line expand. To use
ipfw nat practically, redirection rules described in another file
like a `/etc/ipfw_nat.rules' and specify it's file name in rc.conf by
`firewall_nat_rules' variable. The new ipfw nat configuration is
1) Enable ipfw nat and specify nat global variables by firewall_nat_flags
firewall_nat_enable="YES"
firewall_nat_interface="em0"
firewall_nat_flags="deny_in reset same_ports unreg_only"
2) Then nat redirections specify in /etc/ipfw_nat.rules like
redirect_port tcp 192.168.2.3:25 25
redirect_port tcp 192.168.2.4:80 80
redirect_port tcp 192.168.2.5:21 21
redirect_port tcp 192.168.2.254:12345 12345
redirect_port tcp 192.168.2.1:22 66932
redirect_port tcp 192.168.2.2:22 66053
redirect_port tcp 192.168.2.3:22 66025
redirect_port tcp 192.168.2.4:22 66080
redirect_port tcp 192.168.2.5:22 66401
redirect_port tcp 192.168.2.17:67890 66419
redirect_port tcp 192.168.2.132:22 66132
3) Set /etc/ipfw_nat.rules to firewall_nat_rules in /etc/rc.conf
firewall_nat_rules="/etc/ipfw_nat.rules"
To be able to this, /etc/rc.firewall changes as follows:
--- /etc/rc.firewall.org 2016-02-27 10:33:06.845684000 +0900
+++ /etc/rc.firewall 2016-02-28 16:02:08.404038000 +0900
@@ -162,6 +162,9 @@
case ${firewall_nat_enable} in
[Yy][Ee][Ss])
if [ -n "${firewall_nat_interface}" ]; then
+ if [ -n "${firewall_nat_rules}" -a -r
${firewall_nat_rules} ]; then
+ firewall_nat_flags="${firewall_nat_flags} `cat
${firewall_nat_rules}`"
+ fi
if echo "${firewall_nat_interface}" | \
grep -q -E '^[0-9]+(\.[0-9]+){0,3}$'; then
firewall_nat_flags="ip
${firewall_nat_interface} ${firewall_nat_flags}"
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the freebsd-standards
mailing list